Coffee Software Forensic

Posted on  by 
Coffee Software Forensic 3,5/5 5139 reviews

May 07, 2010  If this is the old news I apologize. I just find out that Microsoft's COFEE (Computer Online Forensic Evidence Extractor) tool was leaked on to the Internet in November 2009. In response to this, Microsoft has issued take-down notices to sites hosting. Google toolbar download windows 8.

Computer Online Forensic Evidence Extractor (COFEE) COFEE is a collection of Microsoft software designed to all the easy capture of important 'live' computer evidence at the scene in cybercrime investigations, without special forensics expertise. Computer Online Forensic Evidence Extractor (COFEE) is a tool kit, developed by Microsoft, to help computer forensic investigators extract evidence from a Windows computer. Installed on a USB flash drive or other external disk drive, it acts as an automated forensic tool during a live analysis. Microsoft provides COFEE devices and online.

This action allows to run the program in another client post.Supported protocol: Aptana Studio 3 takes into account multi protocol such as SFTP, FTPS and Capistrano. Aptana studio 3 for windows. Key featuresCreation: Aptana Studio 3 can help the user to generate HTML, CSS or JavaScript and many other encoding. Indeed, this option allows the user to call or execute the program through a language utility. The generated files can be used to create dynamic web pages and to modify its design.Execution: this function is also called Command line option.

Computer Online Forensic Evidence Extractor (COFEE) is a tool kit, developed by Microsoft, to help computer forensic investigators extract evidence from a Windowscomputer. Installed on a USB flash drive or other external disk drive, it acts as an automated forensic tool during a live analysis. Microsoft provides COFEE devices and online technical support free to law enforcement agencies.

  • 1Development and distribution

Development and distribution[edit]

COFEE was developed by Anthony Fung, a former Hong Kongpolice officer who now works as a senior investigator on Microsoft's Internet Safety Enforcement Team.[1] Fung conceived the device following discussions he had at a 2006 law enforcement technology conference sponsored by Microsoft.[2] The device is used by more than 2,000 officers in at least 15 countries.[3]

A case cited by Microsoft in April 2008 credits COFEE as being crucial in a New Zealand investigation into the trafficking of child pornography, producing evidence that led to an arrest.[1]

In April 2009 Microsoft and Interpol signed an agreement under which INTERPOL would serve as principal international distributor of COFEE. University College Dublin's Center for Cyber Crime Investigations in conjunction with Interpol develops programs for training forensic experts in using COFEE.[4] The National White Collar Crime Center has been licensed by Microsoft to be the sole US domestic distributor of COFEE.[5]

Public leak[edit]

On November 6, 2009, copies of Microsoft COFEE were leaked onto various torrent websites.[6] Analysis of the leaked tool indicates that it is largely a wrapper around other utilities previously available to investigators.[7] Microsoft confirmed the leak; however a spokesperson for the firm said 'We do not anticipate the possible availability of COFEE for cybercriminals to download and find ways to ‘build around' to be a significant concern'.[8]

Coffee Software Forensics

Use[edit]

The device is activated by being plugged into a USB port. It contains 150 tools and a graphical user interface to help investigators collect data.[1] The software is reported to be made up of three sections. First COFEE is configured in advance with an investigator selecting the data they wish to export, this is then saved to a USB device for plugging into the target computer. A further interface generates reports from the collected data.[7] Estimates cited by Microsoft state jobs that previously took 3–4 hours can be done with COFEE in as little as 20 minutes.[1][9]

COFEE includes tools for password decryption, Internet history recovery and other data extraction.[2] It also recovers data stored in volatile memory which could be lost if the computer were shut down.[10]

DECAF[edit]

In mid to late 2009 a tool named Detect and Eliminate Computer Acquired Forensics (DECAF) was announced by an uninvolved group of programmers. The tool would reportedly protect computers against COFEE and render the tool ineffective.[11] It alleged that it would provide real-time monitoring of COFEE signatures on USB devices and in running applications and when a COFEE signature is detected, DECAF performs numerous user-defined processes. These included COFEE log clearing, ejecting USB devices, and contamination or spoofing of MAC addresses.[12] On December 18, 2009 the DECAF creators announced that the tool was a hoax and part of 'a stunt to raise awareness for security and the need for better forensic tools'.[13][14][15][16]

See also[edit]

  • Windows To Go, bootable USB drive with Windows capable of running data recovery/collection utilities

References[edit]

  1. ^ abcd'Brad Smith: Law Enforcement Technology Conference 2008'. Microsoft Corporation. 2008-04-28. Archived from the original on 2012-02-23. Retrieved 2008-05-19.
  2. ^ abRomano, Benjamin J. (2008-04-29). 'Microsoft device helps police pluck evidence from cyberscene of crime'. The Seattle Times. Retrieved 2008-05-19.
  3. ^'Microsoft Calls on global public-private partnerships to Help in the Fight Against Cybercrime (Q&A with Tim Cranton, Associate General Counsel for Microsoft)'. Microsoft Corporation. 2008-04-28. Retrieved 2008-05-19.
  4. ^'INTERPOL initiative with Microsoft aims to raise global standards against cybercrime through strategic partnership with IT sector'. INTERPOL. Archived from the original on 2009-07-15. Retrieved 2009-07-16.
  5. ^http://www.microsoft.com/industry/government/solutions/cofee/default.aspx
  6. ^'Microsoft COFEE law enforcement tool leaks all over the Internet'. TechCrunch. Retrieved 2009-11-07.
  7. ^ ab'More COFEE Please, on Second Thought'. Retrieved 2009-11-09.
  8. ^Pullin, Alexandra. 'Microsoft's not bothered about COFEE leak'. The Inquirer. Retrieved 24 August 2010.
  9. ^Valich, Theo (2008-05-07). 'Microsoft's new product goes against crime: Meet (Hot) COFEE'. Tigervision Media. Archived from the original on 2008-05-17. Retrieved 2008-05-19.
  10. ^Mills, Elinor (2008-04-29). 'Microsoft hosts its own police academy'. CNet News.com. Retrieved 2008-05-19.
  11. ^Michael, Bartolacci (2012). Advancements and Innovations in Wireless Communications and Network Technologies. IGI Global. p. 226. ISBN1466621540. Retrieved 26 June 2015.
  12. ^Goodin, Dan (14 December 2009). 'Hackers declare war on international forensics tool'. The Register. Retrieved 15 December 2009.
  13. ^Eaton, Nick. 'Anti-COFEE tool DECAF revealed as stunt'. Seattle PI. Retrieved 26 June 2015.
  14. ^'DECAF Was Just a Stunt, Now Over'. Slashdot. Retrieved 26 June 2015.
  15. ^'Anti-forensische tool DECAF geen hoax'. Security.nl. Retrieved 26 June 2015.
  16. ^Zetter, Kim (14 December 2009). 'Hackers Brew Self-Destruct Code to Counter Police Forensics'. Wired.com. Retrieved 15 December 2009.

External links[edit]

  • 'Microsoft Computer Online Forensic Evidence Extractor (COFEE)'. Microsoft Corporation. Archived from the original on 2012-06-21. Retrieved 2009-10-17.
  • 'Regular or Decaf? Tool launched to combat COFEE'. Praetorian Prefect. Retrieved 2009-12-18.
  • 'Reactivating DECAF in Two Minutes'. Praetorian Prefect. Archived from the original on February 23, 2014. Retrieved 2009-12-18.

Phone Forensics Software

Forensic
Retrieved from 'https://en.wikipedia.org/w/index.php?title=Computer_Online_Forensic_Evidence_Extractor&oldid=918188761'
Software

Video Forensic Software


From WikiLeaks

Jump to: navigation, search

Unless otherwise specified, the document described here:

  • Was first publicly revealed by WikiLeaks working with our source.
  • Was classified, confidential, censored or otherwise withheld from the public before release.
  • Is of political, diplomatic, ethical or historical significance.

Any questions about this document's veracity are noted.

The summary is approved by the editorial board.

See here for a detailed explanation of the information on this page.

If you have similar or updated material, see oursubmission instructions.

Release date
November 30, 2009

This release presents the Microsoft COFEE (Computer Online Forensics Evidence Extractor) tool version 1.1.2 as well as related documentation. The tool is reportedly not publicly available for purchase or made available, as far as we can ascertain, to a number of developing world polices forces.

The ZIP archive includes the MSI installer file, the handbook and documentation for each single tool COFEE is comprised of, verification studies from both the Florida State University (FSU) as well as the National White Collar Crime Center (NW3C).

The WikiLeaks release follows various takedown demands issued by Microsoft[1], including one sent to Cryptome's John Young[2], and an uncontrolled spread of contaminated versions of the tool via P2P filesharing networks, which may compromise important investigations.

Download

File Torrent Magnet
Context
United States
Company
Microsoft
File size in bytes

Free Forensic Software

37628547
File type information
Cryptographic identity
SHA256 c217bbfbfe95575ab0e5cda2e8c1bf387c5356749a98f79b1ec5194061febef0


Free Computer Forensics Software

Retrieved from 'https://www.wikileaks.org/wiki/Microsoft_COFEE_(Computer_Online_Forensics_Evidence_Extractor)_tool_and_documentation,_Sep_2009'
Coments are closed
Toshiba External Hdd DriverPrivate Investigator Case Management Software
Scroll to top